Speaking Notes: The Data Center Network Evolution

I will be presenting at the Cisco Connect Canada tour in Edmonton and Calgary on November 3rd and 5th, respectively. My presentation is about that three-letter acronym that everyone loves to hate: SDN :-)

I will talk about SDN in general terms and describe what it really means; what we’re really doing in the network when we say that it’s “software defined”. No unicorns or fairy tales here, just engineering.

Next I’ll talk about three areas where Cisco is introducing programmability into its data center solutions:

Application Centric Infrastructure

Virtual Topology System

Open NX-OS

Below are the notes I made for myself while researching these topics and preparing for the presentation. At the bottom of this post is a Q&A section with some frequently asked questions.

Q&A

NOTE: 7.0(3)I2(1) has been deferred due to CSCuw65317. Please look for 7.0(3)I2(1a) instead.

Is “Open” NX-OS available on N2k/5k/7k/9k? Some? All?

The features described above are available on the Nexus 3000 and 9000 series at the time of this writing.

Is NX-API available on N5k/N7k?

Nexus 7000 starting in 7.2(0)D1(1)

Nexus 5000 starting in 7.2(0)N1(1)

The version of NX-API in these releases allows CLI commands to be sent to the switch (JSON formatted) and the output to be received back as plain ASCII, JSON or XML.
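The request and response shapes described above, as an added example (not code from the original post or from Cisco): it builds the JSON body for read-only commands behind an allow-list and parses the reply, and sending the body to the switch is left out so it runs offline. The helper names, the allow-list policy and the sample response are assumptions of this example; the "ins_api" envelope is assumed to follow Cisco's documented NX-API CLI format.

```python
import json

# Assumption: the "ins_api" envelope follows Cisco's documented NX-API CLI
# format. The allow-list policy and the helper names are this example's own.
ALLOWED_PREFIXES = ("show ",)


def build_request(commands):
    """Build a JSON NX-API body, refusing anything that is not a show command."""
    cleaned = []
    for cmd in commands:
        cmd = " ".join(cmd.split())  # collapse whitespace, strip newlines
        # " ;" separates commands in one request, so a ";" inside an entry
        # would carry a second command past the prefix check.
        if ";" in cmd or not cmd.startswith(ALLOWED_PREFIXES):
            raise ValueError("command not allowed: %r" % cmd)
        cleaned.append(cmd)
    if not cleaned:
        raise ValueError("no commands given")
    return json.dumps({"ins_api": {
        "version": "1.0", "type": "cli_show", "chunk": "0", "sid": "1",
        "input": " ;".join(cleaned), "output_format": "json"}})


def parse_response(text):
    """Return {command: body}; raise if any command was rejected by the switch."""
    outputs = json.loads(text)["ins_api"]["outputs"]["output"]
    if isinstance(outputs, dict):  # one command comes back as an object, not a list
        outputs = [outputs]
    results = {}
    for out in outputs:
        if str(out.get("code")) != "200":
            raise RuntimeError("%s: %s %s" % (out.get("input"), out.get("code"), out.get("msg")))
        results[out["input"]] = out.get("body", {})
    return results


# Constructed sample response for a single command (not captured from a switch).
SAMPLE_RESPONSE = json.dumps({"ins_api": {
    "type": "cli_show", "version": "1.0", "sid": "eoc",
    "outputs": {"output": {"input": "show version", "msg": "Success",
                           "code": "200", "body": {"host_name": "lab-switch"}}}}})

if __name__ == "__main__":
    print(build_request(["show version", "show interface brief"]))
    print(parse_response(SAMPLE_RESPONSE))
```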

Is the NX-API RESTful on N5k/N7k?

The NX-API is only RESTful (as of this writing) on the N9k in NX-OS 7.0(3)I2(1).

The RESTful API exposes NX-OS configuration elements as objects against which create/update/delete operations can be performed. For example, you can instruct the switch to create a new BGP neighbor by instantiating a “BGP neighbor” object and assigning it properties of “remote IP”, “remote ASN” and so on. NX-OS will then take this object and translate it into the running-config.

How do I access the bash shell?

From NX-OS CLI: run bash

If I run tcpdump in the bash shell, can that capture data plane traffic?

tcpdump will only see packets that are punted to the supervisor (control plane packets or packets that CEF is punting).

If I install a third-party RPM on the switch, how do I sandbox that software so it doesn’t interfere with or compromise NX-OS?

One of the features of the Bash shell is the ability to create Linux-based containers (referred to as the Secure Guest Shell). A secure guest shell is logically partitioned from the “main” shell and from NX-OS. It has its own CPU/memory resources and its own root file system.